CVE-2013-5017
Symantec Web Gateway user.php SQL Injection and snmpConfig.php Command Injection Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
SNMPConfig.php en la consola de gestión en Symantec Web Gateway (SWG) anterior a 5.2.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability.
The specific flaws exist within the user.php and snmpConfig.php files. SQL injection and command injection is possible through vulnerable request parameters. An attacker can leverage these vulnerabilities to read files and achieve remote code execution under the context of the root user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-29 CVE Reserved
- 2014-06-18 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/67752 | Third Party Advisory | |
http://www.securitytracker.com/id/1030443 | Third Party Advisory | |
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Web Gateway Search vendor "Symantec" for product "Web Gateway" | <= 5.2 Search vendor "Symantec" for product "Web Gateway" and version " <= 5.2" | - |
Affected
|